How to Create New Active Directory from Directory Services recovery mode

I have a Server 2003 std machine with a completely corrupt AD. I have tried repair and recovery but no joy.
ALL the existing backups seem to have been made after the corruption occurred (it went unnoticed for just over a week).
My only option is to create a new AD and add the users etc. all over.
There is no Exchange Server installed, so what's the quickest way to do this? I can't seem to work it out (bearing in mind I can only get in in Directory Services recovery mode).

Thanks
CoreDigital Asked:
 
Netman66 Commented:
You can't.  There is no way to remove/install AD from the Recovery Console.

It's a re-install, I'm afraid.

0
 
Jay_Jay70 Commented:
I haven't tried, but can you demote the machine in DS restore mode? Run DCPROMO. If that fails, run DCPROMO /FORCEREMOVAL and then use ntdsutil to perform a metadata cleanup.

I do not know if this will run, as I haven't tried in the restore mode.
0
 
CoreDigital (Author) Commented:
Full re-install? Or will a repair install work?
0
 
Netman66 Commented:
A repair won't work because your AD is no longer a base default installation - and it's this NTDS.DIT that's bad.

0
 
CoreDigital (Author) Commented:
That is kind of what I feared.
I have found a system state backup on some old media from about 2 years ago but I'm assuming that it will be too old.
0
 
Netman66 Commented:
Yes.  Tombstone is 60 days.

0
 
Netman66 Commented:
If you're looking to recover data rather than care about the domain, then install a temporary IDE HDD and install server, put the drivers on for the RAID controller then access and copy off any data you need from the array.

0
 
CoreDigital (Author) Commented:
As a last resort before a complete rebuild I copied over the NTDS folder from an old demoted raid drive from about six months ago and it now lets me back in and I can see all the users, computers etc. Only problem is that no workstations can log in (The message says that no domain controller can be found).
Am I any closer now? Or should I just bite the bullet?
0
 
Netman66 Commented:
You're no closer - the NTDS.DIT file is the AD database.  If it's not usable, then your domain is toast.

0
 
CoreDigital (Author) Commented:
Yes, but I DO now have a "good" NTDS.DIT file; it's just that it's a bit old and hasn't been restored in the usual manner. At least now I can access the server.
The reasoning I have is that there's just too much stuff installed on the server for it to be desirable to rebuild.
Now that I can log in normally, can I not demote then promote again (at the very worst)?
0
 
Netman66 Commented:
You can try DCPROMO /forceremoval - but I have my doubts.

Since this is the only DC you're going to lose the domain and all security principals so unless the applications installed are tolerant with all that then you're still in for a world of hurt.

The old NTDS.DIT is beyond 60 days so it will be a big problem if you try to use it again - besides, it's not as simple as copying the file there - it has to be restored with System state.

0
 
CoreDigital (Author) Commented:
Oh well it was worth a try. Time to go bury my head in it now.
Thanks
0
Question has a verified solution.
